On 20 October 2013 00:44, Christian Heimes <christian at python.org> wrote:
> Am 19.10.2013 16:14, schrieb Nick Coghlan:
>> At the very least, it would be good if you and/or MAL could review
>> the cert verification in pip. PEP 453 makes that kinda important
>> :)
>> Where can I find the code for PEP 453?
It's the cert verification in pip that's relevant - the PEP was
updated so that ensurepip itself never talks to the internet. So I
guess that would mean checking the cert verification in pip's vendored
copy of requests:
https://github.com/pypa/pip/tree/develop/pip/vendor/requests
(So I guess if you do find any issues, they would likely be applicable
to the upstream requests package as well)
Cheers,
Nick.
--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia